Michael Hamburg
9 years ago
9 changed files with 51 additions and 48 deletions
Split View
Diff Options
-
+3 -3include/decaf_crypto.h
-
+24 -18include/shake.h
-
+0 -1src/decaf.c
-
+8 -8src/decaf_crypto.c
-
+2 -1src/decaf_gen_tables.c
-
+1 -1src/p448/arch_neon_experimental/p448.c
-
+0 -4src/p480/arch_x86_64/x86-64-arith.h
-
+6 -5src/shake.c
-
+7 -7test/shakesum.c
+ 3
- 3
include/decaf_crypto.h
View File
| @@ -122,11 +122,11 @@ void | |||
| decaf_255_sign_shake ( | |||
| decaf_255_signature_t sig, | |||
| const decaf_255_private_key_t priv, | |||
| const keccak_sponge_t shake | |||
| const shake256_ctx_t shake | |||
| ) NONNULL3 API_VIS; | |||
| /** | |||
| * @brief Sign a message from its SHAKE context. | |||
| * @brief Sign a message. | |||
| * | |||
| * @param [out] sig The signature. | |||
| * @param [in] priv Your private key. | |||
| @@ -152,7 +152,7 @@ decaf_bool_t | |||
| decaf_255_verify_shake ( | |||
| const decaf_255_signature_t sig, | |||
| const decaf_255_public_key_t pub, | |||
| const keccak_sponge_t shake | |||
| const shake256_ctx_t shake | |||
| ) NONNULL3 API_VIS WARN_UNUSED; | |||
| /** | |||
+ 24
- 18
include/shake.h
View File
| @@ -26,7 +26,6 @@ | |||
| #define NONNULL3 __attribute__((nonnull(1,2,3))) | |||
| /** @endcond */ | |||
| /* TODO: different containing structs for each primitive? */ | |||
| #ifndef INTERNAL_SPONGE_STRUCT | |||
| /** Sponge container object for the various primitives. */ | |||
| typedef struct keccak_sponge_s { | |||
| @@ -119,40 +118,48 @@ void sponge_hash ( | |||
| /** @cond internal */ | |||
| #define DECSHAKE(n) \ | |||
| extern const struct kparams_s SHAKE##n##_params_s API_VIS; \ | |||
| static inline void NONNULL1 shake##n##_init(keccak_sponge_t sponge) { \ | |||
| typedef struct shake##n##_ctx_s { keccak_sponge_t s; } shake##n##_ctx_t[1]; \ | |||
| static inline void NONNULL1 shake##n##_init(shake##n##_ctx_t sponge) { \ | |||
| sponge_init(sponge->s, &SHAKE##n##_params_s); \ | |||
| } \ | |||
| static inline void NONNULL1 shake##n##_gen_init(keccak_sponge_t sponge) { \ | |||
| sponge_init(sponge, &SHAKE##n##_params_s); \ | |||
| } \ | |||
| static inline void NONNULL2 shake##n##_update(keccak_sponge_t sponge, const uint8_t *in, size_t inlen ) { \ | |||
| sha3_update(sponge, in, inlen); \ | |||
| static inline void NONNULL2 shake##n##_update(shake##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \ | |||
| sha3_update(sponge->s, in, inlen); \ | |||
| } \ | |||
| static inline void NONNULL2 shake##n##_final(keccak_sponge_t sponge, uint8_t *out, size_t outlen ) { \ | |||
| sha3_output(sponge, out, outlen); \ | |||
| sponge_init(sponge, &SHAKE##n##_params_s); \ | |||
| static inline void NONNULL2 shake##n##_final(shake##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \ | |||
| sha3_output(sponge->s, out, outlen); \ | |||
| sponge_init(sponge->s, &SHAKE##n##_params_s); \ | |||
| } \ | |||
| static inline void NONNULL13 shake##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \ | |||
| sponge_hash(in,inlen,out,outlen,&SHAKE##n##_params_s); \ | |||
| } \ | |||
| static inline void NONNULL1 shake##n##_destroy( keccak_sponge_t sponge ) { \ | |||
| sponge_destroy(sponge); \ | |||
| static inline void NONNULL1 shake##n##_destroy( shake##n##_ctx_t sponge ) { \ | |||
| sponge_destroy(sponge->s); \ | |||
| } | |||
| #define DECSHA3(n) \ | |||
| extern const struct kparams_s SHA3_##n##_params_s API_VIS; \ | |||
| static inline void NONNULL1 sha3_##n##_init(keccak_sponge_t sponge) { \ | |||
| typedef struct sha3_##n##_ctx_s { keccak_sponge_t s; } sha3_##n##_ctx_t[1]; \ | |||
| static inline void NONNULL1 sha3_##n##_init(sha3_##n##_ctx_t sponge) { \ | |||
| sponge_init(sponge->s, &SHA3_##n##_params_s); \ | |||
| } \ | |||
| static inline void NONNULL1 sha3_##n##_gen_init(keccak_sponge_t sponge) { \ | |||
| sponge_init(sponge, &SHA3_##n##_params_s); \ | |||
| } \ | |||
| static inline void NONNULL2 sha3_##n##_update(keccak_sponge_t sponge, const uint8_t *in, size_t inlen ) { \ | |||
| sha3_update(sponge, in, inlen); \ | |||
| static inline void NONNULL2 sha3_##n##_update(sha3_##n##_ctx_t sponge, const uint8_t *in, size_t inlen ) { \ | |||
| sha3_update(sponge->s, in, inlen); \ | |||
| } \ | |||
| static inline void NONNULL2 sha3_##n##_final(keccak_sponge_t sponge, uint8_t *out, size_t outlen ) { \ | |||
| sha3_output(sponge, out, outlen); \ | |||
| sponge_init(sponge, &SHA3_##n##_params_s); \ | |||
| static inline void NONNULL2 sha3_##n##_final(sha3_##n##_ctx_t sponge, uint8_t *out, size_t outlen ) { \ | |||
| sha3_output(sponge->s, out, outlen); \ | |||
| sponge_init(sponge->s, &SHA3_##n##_params_s); \ | |||
| } \ | |||
| static inline void NONNULL13 sha3_##n##_hash(uint8_t *out, size_t outlen, const uint8_t *in, size_t inlen) { \ | |||
| sponge_hash(in,inlen,out,outlen,&SHA3_##n##_params_s); \ | |||
| } \ | |||
| static inline void NONNULL1 sha3_##n##_destroy( keccak_sponge_t sponge ) { \ | |||
| sponge_destroy(sponge); \ | |||
| static inline void NONNULL1 sha3_##n##_destroy(sha3_##n##_ctx_t sponge) { \ | |||
| sponge_destroy(sponge->s); \ | |||
| } | |||
| /** @endcond */ | |||
| @@ -253,7 +260,6 @@ extern const struct kparams_s STROBE_256 API_VIS; | |||
| extern const struct kparams_s STROBE_KEYED_128 API_VIS; | |||
| extern const struct kparams_s STROBE_KEYED_256 API_VIS; | |||
| /** TODO: remove this restriction?? */ | |||
| #define STROBE_MAX_AUTH_BYTES 255 | |||
| /** TODO: check "more" flags? */ | |||
+ 0
- 1
src/decaf.c
View File
| @@ -81,7 +81,6 @@ const decaf_448_point_t decaf_448_point_base = {{ | |||
| struct decaf_448_precomputed_s { decaf_448_point_t p[1]; }; | |||
| /* FIXME: restore */ | |||
| const struct decaf_448_precomputed_s *decaf_448_precomputed_base = | |||
| (const struct decaf_448_precomputed_s *)decaf_448_point_base; | |||
+ 8
- 8
src/decaf_crypto.c
View File
| @@ -21,7 +21,7 @@ void decaf_255_derive_private_key ( | |||
| uint8_t encoded_scalar[DECAF_255_SCALAR_OVERKILL_BYTES]; | |||
| decaf_255_point_t pub; | |||
| keccak_sponge_t sponge; | |||
| shake256_ctx_t sponge; | |||
| shake256_init(sponge); | |||
| shake256_update(sponge, proto, sizeof(decaf_255_symmetric_key_t)); | |||
| shake256_update(sponge, (const unsigned char *)magic, strlen(magic)); | |||
| @@ -77,7 +77,7 @@ decaf_255_shared_secret ( | |||
| } | |||
| less >>= 8; | |||
| keccak_sponge_t sponge; | |||
| shake256_ctx_t sponge; | |||
| shake256_init(sponge); | |||
| /* update the lesser */ | |||
| @@ -117,7 +117,7 @@ void | |||
| decaf_255_sign_shake ( | |||
| decaf_255_signature_t sig, | |||
| const decaf_255_private_key_t priv, | |||
| const keccak_sponge_t shake | |||
| const shake256_ctx_t shake | |||
| ) { | |||
| const char *magic = "decaf_255_sign_shake"; | |||
| @@ -126,7 +126,7 @@ decaf_255_sign_shake ( | |||
| decaf_255_scalar_t nonce, challenge; | |||
| /* Derive nonce */ | |||
| keccak_sponge_t ctx; | |||
| shake256_ctx_t ctx; | |||
| memcpy(ctx, shake, sizeof(ctx)); | |||
| shake256_update(ctx, priv->sym, sizeof(priv->sym)); | |||
| shake256_update(ctx, (const unsigned char *)magic, strlen(magic)); | |||
| @@ -163,7 +163,7 @@ decaf_bool_t | |||
| decaf_255_verify_shake ( | |||
| const decaf_255_signature_t sig, | |||
| const decaf_255_public_key_t pub, | |||
| const keccak_sponge_t shake | |||
| const shake256_ctx_t shake | |||
| ) { | |||
| decaf_bool_t ret; | |||
| @@ -172,7 +172,7 @@ decaf_255_verify_shake ( | |||
| decaf_255_scalar_t challenge, response; | |||
| /* Derive challenge */ | |||
| keccak_sponge_t ctx; | |||
| shake256_ctx_t ctx; | |||
| memcpy(ctx, shake, sizeof(ctx)); | |||
| shake256_update(ctx, pub, sizeof(decaf_255_public_key_t)); | |||
| shake256_update(ctx, sig, DECAF_255_SER_BYTES); | |||
| @@ -201,7 +201,7 @@ decaf_255_sign ( | |||
| const unsigned char *message, | |||
| size_t message_len | |||
| ) { | |||
| keccak_sponge_t ctx; | |||
| shake256_ctx_t ctx; | |||
| shake256_init(ctx); | |||
| shake256_update(ctx, message, message_len); | |||
| decaf_255_sign_shake(sig, priv, ctx); | |||
| @@ -215,7 +215,7 @@ decaf_255_verify ( | |||
| const unsigned char *message, | |||
| size_t message_len | |||
| ) { | |||
| keccak_sponge_t ctx; | |||
| shake256_ctx_t ctx; | |||
| shake256_init(ctx); | |||
| shake256_update(ctx, message, message_len); | |||
| decaf_bool_t ret = decaf_255_verify_shake(sig, pub, ctx); | |||
+ 2
- 1
src/decaf_gen_tables.c
View File
| @@ -151,7 +151,8 @@ int main(int argc, char **argv) { | |||
| } | |||
| scalar_print("sc_r2", smadj); | |||
| API_NS(scalar_sub)(smadj,API_NS(scalar_zero),API_NS(scalar_one)); /* HACK */ | |||
| API_NS(scalar_sub)(smadj,API_NS(scalar_zero),API_NS(scalar_one)); /* get p-1 */ | |||
| unsigned long long w = 1, plo = smadj->limb[0]+1; | |||
| #if DECAF_WORD_BITS == 32 | |||
+ 1
- 1
src/p448/arch_neon_experimental/p448.c
View File
| @@ -618,7 +618,7 @@ p448_mulw ( | |||
| vo[1] += vmovn_u64(accum); | |||
| } | |||
| /* TODO: vectorize? */ | |||
| /* PERF: vectorize? */ | |||
| void | |||
| p448_strong_reduce ( | |||
| p448_t *a | |||
+ 0
- 4
src/p480/arch_x86_64/x86-64-arith.h
View File
| @@ -7,10 +7,6 @@ | |||
| #include <stdint.h> | |||
| /* TODO: non x86-64 versions of these. | |||
| * FUTURE: autogenerate | |||
| */ | |||
| static __inline__ __uint128_t widemul(const uint64_t *a, const uint64_t *b) { | |||
| #ifndef __BMI2__ | |||
| uint64_t c,d; | |||
+ 6
- 5
src/shake.c
View File
| @@ -669,11 +669,13 @@ decaf_bool_t strobe_prng ( | |||
| size_t len, | |||
| uint8_t more | |||
| ) { | |||
| /* FIXME: length?? */ | |||
| unsigned char control[] = { PRNG }; | |||
| unsigned char control[9] = { PRNG }; | |||
| int i; | |||
| for (i=0; i<8; i++) control[i+1] = len>>(8*i); | |||
| decaf_bool_t ret = strobe_control_word(sponge, control, sizeof(control), more); | |||
| strobe_duplex(sponge, out, NULL, len); | |||
| // /** TODO: orly? */ | |||
| // TODO: forget as follows? this breaks "more" | |||
| // unsigned char control2[] = { 0, STROBE_FORGET_BYTES, TAGFORGET }; | |||
| // ret &= strobe_control_word(sponge, control2, sizeof(control2)); | |||
| // strobe_forget(sponge, STROBE_FORGET_BYTES); | |||
| @@ -681,7 +683,6 @@ decaf_bool_t strobe_prng ( | |||
| return ret; | |||
| } | |||
| /* TODO: remove reliance on decaf? */ | |||
| decaf_bool_t strobe_verify_auth ( | |||
| keccak_sponge_t sponge, | |||
| const unsigned char *in, | |||
| @@ -720,4 +721,4 @@ decaf_bool_t strobe_respec ( | |||
| return ret; | |||
| } | |||
| /* TODO: Keyak instances, etc */ | |||
| /* FUTURE: Keyak instances, etc */ | |||
+ 7
- 7
test/shakesum.c
View File
| @@ -20,28 +20,28 @@ int main(int argc, char **argv) { | |||
| unsigned char buf[1024]; | |||
| unsigned int outlen = 512; | |||
| shake256_init(sponge); | |||
| shake256_gen_init(sponge); | |||
| /* Sloppy. Real utility would parse --algo, --size ... */ | |||
| if (argc > 1) { | |||
| if (!strcmp(argv[1], "shake256") || !strcmp(argv[1], "SHAKE256")) { | |||
| outlen = 512; | |||
| shake256_init(sponge); | |||
| shake256_gen_init(sponge); | |||
| } else if (!strcmp(argv[1], "shake128") || !strcmp(argv[1], "SHAKE128")) { | |||
| outlen = 512; | |||
| shake128_init(sponge); | |||
| shake128_gen_init(sponge); | |||
| } else if (!strcmp(argv[1], "sha3-224") || !strcmp(argv[1], "SHA3-224")) { | |||
| outlen = 224/8; | |||
| sha3_224_init(sponge); | |||
| sha3_224_gen_init(sponge); | |||
| } else if (!strcmp(argv[1], "sha3-256") || !strcmp(argv[1], "SHA3-256")) { | |||
| outlen = 256/8; | |||
| sha3_256_init(sponge); | |||
| sha3_256_gen_init(sponge); | |||
| } else if (!strcmp(argv[1], "sha3-384") || !strcmp(argv[1], "SHA3-384")) { | |||
| outlen = 384/8; | |||
| sha3_384_init(sponge); | |||
| sha3_384_gen_init(sponge); | |||
| } else if (!strcmp(argv[1], "sha3-512") || !strcmp(argv[1], "SHA3-512")) { | |||
| outlen = 512/8; | |||
| sha3_512_init(sponge); | |||
| sha3_512_gen_init(sponge); | |||
| } | |||
| } | |||